Implemented improved BLISS-B signature algorithm
This commit is contained in:
Andreas Steffen
parent
d0d8568356
commit
c2aca9eed2
|
|
@ -28,6 +28,7 @@ plugins = \
|
|||
plugins/android_log.opt \
|
||||
plugins/attr.opt \
|
||||
plugins/attr-sql.opt \
|
||||
plugins/bliss.opt \
|
||||
plugins/certexpire.opt \
|
||||
plugins/coupling.opt \
|
||||
plugins/dhcp.opt \
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
charon.plugins.bliss.use_bliss_b = yes
|
||||
Use the enhanced BLISS-B key generation and signature algorithm.
|
||||
|
|
@ -218,6 +218,10 @@
|
|||
0x02 "BLISS-II" OID_BLISS_II
|
||||
0x03 "BLISS-III" OID_BLISS_III
|
||||
0x04 "BLISS-IV" OID_BLISS_IV
|
||||
0x05 "BLISS-B-I" OID_BLISS_B_I
|
||||
0x06 "BLISS-B-II" OID_BLISS_B_II
|
||||
0x07 "BLISS-B_III" OID_BLISS_B_III
|
||||
0x08 "BLISS-B_IV" OID_BLISS_B_IV
|
||||
0x03 "blissSigType"
|
||||
0x01 "BLISS-with-SHA512" OID_BLISS_WITH_SHA512
|
||||
0x89 ""
|
||||
|
|
|
|||
|
|
@ -27,10 +27,13 @@ bliss_huffman_code_t* bliss_huffman_code_get_by_id(bliss_param_set_id_t id)
|
|||
switch (id)
|
||||
{
|
||||
case BLISS_I:
|
||||
case BLISS_B_I:
|
||||
return &bliss_huffman_code_1;
|
||||
case BLISS_III:
|
||||
case BLISS_B_III:
|
||||
return &bliss_huffman_code_3;
|
||||
case BLISS_IV:
|
||||
case BLISS_B_IV:
|
||||
return &bliss_huffman_code_4;
|
||||
default:
|
||||
return NULL;
|
||||
|
|
|
|||
|
|
@ -17,11 +17,15 @@
|
|||
|
||||
#include <asn1/oid.h>
|
||||
|
||||
ENUM(bliss_param_set_id_names, BLISS_I, BLISS_IV,
|
||||
ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV,
|
||||
"BLISS-I",
|
||||
"BLISS-II",
|
||||
"BLISS-III",
|
||||
"BLISS-IV"
|
||||
"BLISS-IV",
|
||||
"BLISS-B-I",
|
||||
"BLISS-B-II",
|
||||
"BLISS-B-III",
|
||||
"BLISS-B-IV"
|
||||
);
|
||||
|
||||
/**
|
||||
|
|
@ -118,8 +122,8 @@ static uint8_t c_bliss_iv[] = {
|
|||
static bliss_param_set_t bliss_param_sets[] = {
|
||||
|
||||
/* BLISS-I scheme */
|
||||
{
|
||||
.id = BLISS_I,
|
||||
{
|
||||
.id = BLISS_I,
|
||||
.oid = OID_BLISS_I,
|
||||
.strength = 128,
|
||||
.q = 12289,
|
||||
|
|
@ -132,6 +136,7 @@ static bliss_param_set_t bliss_param_sets[] = {
|
|||
.non_zero2 = 0,
|
||||
.kappa = 23,
|
||||
.nks_max = 46479,
|
||||
.p_max = 0, /* not needed */
|
||||
.sigma = 215,
|
||||
.k_sigma = 254,
|
||||
.k_sigma_bits = 8,
|
||||
|
|
@ -141,14 +146,14 @@ static bliss_param_set_t bliss_param_sets[] = {
|
|||
.z1_bits = 12,
|
||||
.d = 10,
|
||||
.p = 24,
|
||||
.M = 46539,
|
||||
.B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
|
||||
.M = 46539, /* with alpha = 1.000 */
|
||||
.B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
|
||||
.B_l2 = 12872 * 12872
|
||||
},
|
||||
},
|
||||
|
||||
/* BLISS-III scheme */
|
||||
{
|
||||
.id = BLISS_III,
|
||||
{
|
||||
.id = BLISS_III,
|
||||
.oid = OID_BLISS_III,
|
||||
.strength = 160,
|
||||
.q = 12289,
|
||||
|
|
@ -161,6 +166,7 @@ static bliss_param_set_t bliss_param_sets[] = {
|
|||
.non_zero2 = 16,
|
||||
.kappa = 30,
|
||||
.nks_max = 128626,
|
||||
.p_max = 0, /* not needed */
|
||||
.sigma = 250,
|
||||
.k_sigma = 295,
|
||||
.k_sigma_bits = 9,
|
||||
|
|
@ -170,14 +176,14 @@ static bliss_param_set_t bliss_param_sets[] = {
|
|||
.z1_bits = 12,
|
||||
.d = 9,
|
||||
.p = 48,
|
||||
.M = 128113,
|
||||
.M = 128113, /* with alpha = 0.700 */
|
||||
.B_inf = 1760,
|
||||
.B_l2 = 10206 * 10206
|
||||
},
|
||||
},
|
||||
|
||||
/* BLISS-IV scheme */
|
||||
{
|
||||
.id = BLISS_IV,
|
||||
{
|
||||
.id = BLISS_IV,
|
||||
.oid = OID_BLISS_IV,
|
||||
.strength = 192,
|
||||
.q = 12289,
|
||||
|
|
@ -190,6 +196,7 @@ static bliss_param_set_t bliss_param_sets[] = {
|
|||
.non_zero2 = 31,
|
||||
.kappa = 39,
|
||||
.nks_max = 244669,
|
||||
.p_max = 0, /* not needed */
|
||||
.sigma = 271,
|
||||
.k_sigma = 320,
|
||||
.k_sigma_bits = 9,
|
||||
|
|
@ -199,10 +206,101 @@ static bliss_param_set_t bliss_param_sets[] = {
|
|||
.z1_bits = 12,
|
||||
.d = 8,
|
||||
.p = 96,
|
||||
.M = 244186,
|
||||
.M = 244186, /* with alpha = 0.550 */
|
||||
.B_inf = 1613,
|
||||
.B_l2 = 9901 * 9901
|
||||
}
|
||||
},
|
||||
|
||||
/* BLISS-B-I scheme */
|
||||
{
|
||||
.id = BLISS_B_I,
|
||||
.oid = OID_BLISS_B_I,
|
||||
.strength = 128,
|
||||
.q = 12289,
|
||||
.q_bits = 14,
|
||||
.q2_inv = 6145,
|
||||
.n = 512,
|
||||
.n_bits = 9,
|
||||
.fft_params = &bliss_fft_12289_512,
|
||||
.non_zero1 = 154,
|
||||
.non_zero2 = 0,
|
||||
.kappa = 23,
|
||||
.nks_max = 0, /* not needed */
|
||||
.p_max = 17825,
|
||||
.sigma = 215,
|
||||
.k_sigma = 254,
|
||||
.k_sigma_bits = 8,
|
||||
.c = c_bliss_i,
|
||||
.c_cols = 16,
|
||||
.c_rows = 21,
|
||||
.z1_bits = 12,
|
||||
.d = 10,
|
||||
.p = 24,
|
||||
.M = 17954, /* with alpha = 1.610 */
|
||||
.B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
|
||||
.B_l2 = 12872 * 12872
|
||||
},
|
||||
|
||||
/* BLISS-B-III scheme */
|
||||
{
|
||||
.id = BLISS_B_III,
|
||||
.oid = OID_BLISS_B_III,
|
||||
.strength = 160,
|
||||
.q = 12289,
|
||||
.q_bits = 14,
|
||||
.q2_inv = 6145,
|
||||
.n = 512,
|
||||
.n_bits = 9,
|
||||
.fft_params = &bliss_fft_12289_512,
|
||||
.non_zero1 = 216,
|
||||
.non_zero2 = 16,
|
||||
.kappa = 30,
|
||||
.nks_max = 0, /* not needed */
|
||||
.p_max = 42270,
|
||||
.sigma = 250,
|
||||
.k_sigma = 295,
|
||||
.k_sigma_bits = 9,
|
||||
.c = c_bliss_iii,
|
||||
.c_cols = 16,
|
||||
.c_rows = 21,
|
||||
.z1_bits = 12,
|
||||
.d = 9,
|
||||
.p = 48,
|
||||
.M = 42455, /* with alpha = 1.216 */
|
||||
.B_inf = 1760,
|
||||
.B_l2 = 10206 * 10206
|
||||
},
|
||||
|
||||
/* BLISS-B-IV scheme */
|
||||
{
|
||||
.id = BLISS_B_IV,
|
||||
.oid = OID_BLISS_B_IV,
|
||||
.strength = 192,
|
||||
.q = 12289,
|
||||
.q_bits = 14,
|
||||
.q2_inv = 6145,
|
||||
.n = 512,
|
||||
.n_bits = 9,
|
||||
.fft_params = &bliss_fft_12289_512,
|
||||
.non_zero1 = 231,
|
||||
.non_zero2 = 31,
|
||||
.kappa = 39,
|
||||
.nks_max = 0, /* not needed */
|
||||
.p_max = 69576,
|
||||
.sigma = 271,
|
||||
.k_sigma = 320,
|
||||
.k_sigma_bits = 9,
|
||||
.c = c_bliss_iv,
|
||||
.c_cols = 16,
|
||||
.c_rows = 22,
|
||||
.z1_bits = 12,
|
||||
.d = 8,
|
||||
.p = 96,
|
||||
.M = 70034, /* with alpha = 1.027 */
|
||||
.B_inf = 1613,
|
||||
.B_l2 = 9901 * 9901
|
||||
}
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -33,10 +33,14 @@ typedef struct bliss_param_set_t bliss_param_set_t;
|
|||
* BLISS signature parameter set ID list
|
||||
*/
|
||||
enum bliss_param_set_id_t {
|
||||
BLISS_I = 1,
|
||||
BLISS_II = 2,
|
||||
BLISS_III = 3,
|
||||
BLISS_IV = 4
|
||||
BLISS_I = 1,
|
||||
BLISS_II = 2,
|
||||
BLISS_III = 3,
|
||||
BLISS_IV = 4,
|
||||
BLISS_B_I = 5,
|
||||
BLISS_B_II = 6,
|
||||
BLISS_B_III = 7,
|
||||
BLISS_B_IV = 8
|
||||
};
|
||||
|
||||
extern enum_name_t *bliss_param_set_id_names;
|
||||
|
|
@ -107,10 +111,15 @@ struct bliss_param_set_t {
|
|||
uint16_t kappa;
|
||||
|
||||
/**
|
||||
* Maximum Nk(S) tolerable NK(S) norm
|
||||
* Maximum Nk(S) tolerable NK(S) norm (BLISS only)
|
||||
*/
|
||||
uint32_t nks_max;
|
||||
|
||||
/**
|
||||
* Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only)
|
||||
*/
|
||||
uint32_t p_max;
|
||||
|
||||
/**
|
||||
* Standard deviation sigma
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -102,6 +102,61 @@ static void multiply_by_c(int8_t *s, int n, uint16_t *c_indices,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* BLISS-B GreedySC algorithm
|
||||
*/
|
||||
static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices,
|
||||
uint16_t kappa, int32_t *v1, int32_t *v2)
|
||||
{
|
||||
int i, j, index;
|
||||
int32_t sign;
|
||||
|
||||
for (i = 0; i < n; i++)
|
||||
{
|
||||
v1[i] = v2[i] = 0;
|
||||
}
|
||||
for (j = 0; j < kappa; j++)
|
||||
{
|
||||
index = c_indices[j];
|
||||
sign = 0;
|
||||
|
||||
for (i = 0; i < index; i++)
|
||||
{
|
||||
sign -= (v1[i] * s1[i - index + n] + v2[i] * s2[i - index + n]);
|
||||
}
|
||||
for (i = index; i < n; i++)
|
||||
{
|
||||
sign += (v1[i] * s1[i - index] + v2[i] * s2[i - index]);
|
||||
}
|
||||
for (i = 0; i < index; i++)
|
||||
{
|
||||
if (sign > 0)
|
||||
{
|
||||
v1[i] += s1[i - index + n];
|
||||
v2[i] += s2[i - index + n];
|
||||
}
|
||||
else
|
||||
{
|
||||
v1[i] -= s1[i - index + n];
|
||||
v2[i] -= s2[i - index + n];
|
||||
}
|
||||
}
|
||||
for (i = index; i < n; i++)
|
||||
{
|
||||
if (sign > 0)
|
||||
{
|
||||
v1[i] -= s1[i - index];
|
||||
v2[i] -= s2[i - index];
|
||||
}
|
||||
else
|
||||
{
|
||||
v1[i] += s1[i - index];
|
||||
v2[i] += s2[i - index];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Compute a BLISS signature based on a SHA-512 hash
|
||||
*/
|
||||
|
|
@ -126,7 +181,7 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this,
|
|||
double mean1 = 0, mean2 = 0, sigma1 = 0, sigma2 = 0;
|
||||
chunk_t seed;
|
||||
chunk_t data_hash = { data_hash_buf, sizeof(data_hash_buf) };
|
||||
bool accepted, positive, success = FALSE;
|
||||
bool accepted, positive, success = FALSE, use_bliss_b;
|
||||
|
||||
/* Initialize signature */
|
||||
*signature = chunk_empty;
|
||||
|
|
@ -184,6 +239,23 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this,
|
|||
|
||||
fft = bliss_fft_create(this->set->fft_params);
|
||||
|
||||
/* Use of the enhanced BLISS-B signature algorithm? */
|
||||
switch (this->set->id)
|
||||
{
|
||||
case BLISS_I:
|
||||
case BLISS_II:
|
||||
case BLISS_III:
|
||||
case BLISS_IV:
|
||||
use_bliss_b = FALSE;
|
||||
break;
|
||||
case BLISS_B_I:
|
||||
case BLISS_B_II:
|
||||
case BLISS_B_III:
|
||||
case BLISS_B_IV:
|
||||
use_bliss_b = TRUE;
|
||||
break;
|
||||
}
|
||||
|
||||
while (true)
|
||||
{
|
||||
tests++;
|
||||
|
|
@ -284,20 +356,48 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this,
|
|||
goto end;
|
||||
}
|
||||
|
||||
/* Compute s*c */
|
||||
multiply_by_c(this->s1, n, c_indices, this->set->kappa, s1c);
|
||||
multiply_by_c(this->s2, n, c_indices, this->set->kappa, s2c);
|
||||
if (use_bliss_b)
|
||||
{
|
||||
/* Compute v = (s1c, s2c) with the GreedySC algorithm */
|
||||
greedy_sc(this->s1, this->s2, n, c_indices, this->set->kappa,
|
||||
s1c, s2c);
|
||||
|
||||
/* Reject with probability 1/(M*exp(-norm^2/2*sigma^2)) */
|
||||
norm = bliss_utils_scalar_product(s1c, s1c, n) +
|
||||
bliss_utils_scalar_product(s2c, s2c, n);
|
||||
/* Compute norm = ||v||^2 = ||Sc'||^2 */
|
||||
norm = bliss_utils_scalar_product(s1c, s1c, n) +
|
||||
bliss_utils_scalar_product(s2c, s2c, n);
|
||||
|
||||
/* Just in case. ||v||^2 <= P_max should always be fulfilled */
|
||||
if (norm > this->set->p_max)
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Compute s*c */
|
||||
multiply_by_c(this->s1, n, c_indices, this->set->kappa, s1c);
|
||||
multiply_by_c(this->s2, n, c_indices, this->set->kappa, s2c);
|
||||
|
||||
/* Compute norm = |Sc||^2 */
|
||||
norm = bliss_utils_scalar_product(s1c, s1c, n) +
|
||||
bliss_utils_scalar_product(s2c, s2c, n);
|
||||
}
|
||||
|
||||
if (!sampler->bernoulli_exp(sampler, this->set->M - norm, &accepted))
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
DBG2(DBG_LIB, "norm2(s1*c) + norm2(s2*c) = %u, %s",
|
||||
norm, accepted ? "accepted" : "rejected");
|
||||
if (use_bliss_b)
|
||||
{
|
||||
DBG2(DBG_LIB, "norm2(s1*c') + norm2(s2*c') = %u (%u max), %s",
|
||||
norm, this->set->p_max, accepted ? "accepted" : "rejected");
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
DBG2(DBG_LIB, "norm2(s1*c) + norm2(s2*c) = %u, %s",
|
||||
norm, accepted ? "accepted" : "rejected");
|
||||
}
|
||||
if (!accepted)
|
||||
{
|
||||
continue;
|
||||
|
|
@ -523,8 +623,10 @@ METHOD(private_key_t, get_fingerprint, bool,
|
|||
}
|
||||
success = bliss_public_key_fingerprint(this->set->oid, this->A,
|
||||
this->set, type, fp);
|
||||
lib->encoding->cache(lib->encoding, type, this, *fp);
|
||||
|
||||
if (success)
|
||||
{
|
||||
lib->encoding->cache(lib->encoding, type, this, *fp);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
|
|
@ -834,16 +936,34 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
|
|||
|
||||
l2_norm = wrapped_product(f, f, n, 0) + wrapped_product(g, g, n, 0);
|
||||
nks = nks_norm(f, g, n, this->set->kappa);
|
||||
DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u (%u max)",
|
||||
l2_norm, nks, this->set->nks_max);
|
||||
if (nks < this->set->nks_max)
|
||||
|
||||
switch (this->set->id)
|
||||
{
|
||||
*s1 = f;
|
||||
*s2 = g;
|
||||
return TRUE;
|
||||
case BLISS_I:
|
||||
case BLISS_II:
|
||||
case BLISS_III:
|
||||
case BLISS_IV:
|
||||
DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u (%u max)",
|
||||
l2_norm, nks, this->set->nks_max);
|
||||
if (nks < this->set->nks_max)
|
||||
{
|
||||
*s1 = f;
|
||||
*s2 = g;
|
||||
return TRUE;
|
||||
}
|
||||
free(f);
|
||||
free(g);
|
||||
break;
|
||||
case BLISS_B_I:
|
||||
case BLISS_B_II:
|
||||
case BLISS_B_III:
|
||||
case BLISS_B_IV:
|
||||
DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u",
|
||||
l2_norm, nks);
|
||||
*s1 = f;
|
||||
*s2 = g;
|
||||
return TRUE;
|
||||
}
|
||||
free(f);
|
||||
free(g);
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
|
|
@ -855,7 +975,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
|
|||
bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
|
||||
{
|
||||
private_bliss_private_key_t *this;
|
||||
u_int key_size = 1;
|
||||
u_int key_size = BLISS_B_I;
|
||||
int i, n, trials = 0;
|
||||
uint32_t *S1, *S2, *a;
|
||||
uint16_t q;
|
||||
|
|
@ -879,11 +999,33 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
|
|||
break;
|
||||
}
|
||||
|
||||
/* Only BLISS-I, BLISS-III and BLISS-IV are currently supported */
|
||||
if (lib->settings->get_bool(lib->settings, "%s.plugins.bliss.use_bliss_b",
|
||||
TRUE, lib->ns))
|
||||
{
|
||||
switch (key_size)
|
||||
{
|
||||
case BLISS_I:
|
||||
key_size = BLISS_B_I;
|
||||
break;
|
||||
case BLISS_II:
|
||||
key_size = BLISS_B_II;
|
||||
break;
|
||||
case BLISS_III:
|
||||
key_size = BLISS_B_III;
|
||||
break;
|
||||
case BLISS_IV:
|
||||
key_size = BLISS_B_IV;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* Only BLISS or BLISS-B types I, III, or IV are currently supported */
|
||||
set = bliss_param_set_get_by_id(key_size);
|
||||
if (!set)
|
||||
{
|
||||
DBG1(DBG_LIB, "BLISS parameter set %u not supported");
|
||||
DBG1(DBG_LIB, "BLISS parameter set %u not supported", key_size);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
@ -1004,6 +1146,7 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
|
|||
bliss_bitpacker_t *packer;
|
||||
asn1_parser_t *parser;
|
||||
size_t s_bits = 0;
|
||||
int8_t s, s_min, s_max;
|
||||
uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value;
|
||||
bool success = FALSE;
|
||||
int objectID, oid, i;
|
||||
|
|
@ -1047,9 +1190,36 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
|
|||
{
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* Use either 2 or 3 bits per array element */
|
||||
s_bits = 2 + (this->set->non_zero2 > 0);
|
||||
if (lib->settings->get_bool(lib->settings,
|
||||
"%s.plugins.bliss.use_bliss_b",TRUE, lib->ns))
|
||||
{
|
||||
switch (this->set->id)
|
||||
{
|
||||
case BLISS_I:
|
||||
this->set = bliss_param_set_get_by_id(BLISS_B_I);
|
||||
break;
|
||||
case BLISS_III:
|
||||
this->set = bliss_param_set_get_by_id(BLISS_B_III);
|
||||
break;
|
||||
case BLISS_IV:
|
||||
this->set = bliss_param_set_get_by_id(BLISS_B_IV);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (this->set->non_zero2)
|
||||
{
|
||||
s_min = -2;
|
||||
s_max = 2;
|
||||
s_bits = 3;
|
||||
}
|
||||
else
|
||||
{
|
||||
s_min = -1;
|
||||
s_max = 1;
|
||||
s_bits = 2;
|
||||
}
|
||||
s_sign = 1 << (s_bits - 1);
|
||||
s_mask = ((1 << (32 - s_bits)) - 1) << s_bits;
|
||||
break;
|
||||
|
|
@ -1072,7 +1242,13 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
|
|||
for (i = 0; i < this->set->n; i++)
|
||||
{
|
||||
packer->read_bits(packer, &value, s_bits);
|
||||
this->s1[i] = (value & s_sign) ? value | s_mask : value;
|
||||
s = (value & s_sign) ? value | s_mask : value;
|
||||
if (s < s_min || s > s_max)
|
||||
{
|
||||
packer->destroy(packer);
|
||||
goto end;
|
||||
}
|
||||
this->s1[i] = s;
|
||||
}
|
||||
packer->destroy(packer);
|
||||
break;
|
||||
|
|
@ -1089,7 +1265,13 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
|
|||
for (i = 0; i < this->set->n; i++)
|
||||
{
|
||||
packer->read_bits(packer, &value, s_bits);
|
||||
this->s2[i] = 2*((value & s_sign) ? value | s_mask : value);
|
||||
s = (value & s_sign) ? value | s_mask : value;
|
||||
if (s < s_min || s > s_max)
|
||||
{
|
||||
packer->destroy(packer);
|
||||
goto end;
|
||||
}
|
||||
this->s2[i] = 2 * s;
|
||||
if (i == 0)
|
||||
{
|
||||
this->s2[0] += 1;
|
||||
|
|
|
|||
|
|
@ -410,6 +410,11 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
|
|||
for (i = 0; i < set->n; i++)
|
||||
{
|
||||
packer->read_bits(packer, &coefficient, set->q_bits);
|
||||
if (coefficient >= set->q)
|
||||
{
|
||||
packer->destroy(packer);
|
||||
return FALSE;
|
||||
}
|
||||
(*pubkey)[i] = coefficient;
|
||||
}
|
||||
packer->destroy(packer);
|
||||
|
|
|
|||
|
|
@ -177,6 +177,12 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (encoding.len == 0)
|
||||
{
|
||||
DBG1(DBG_LIB, "zero length BLISS signature");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.get_encoding = _get_encoding,
|
||||
|
|
@ -198,6 +204,7 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
|
|||
!packer->read_bits(packer, &z1_low, 8) ||
|
||||
!coder->decode(coder, &z1, &z2))
|
||||
{
|
||||
DBG1(DBG_LIB, "truncated BLISS signature encoding of z1/z2");
|
||||
coder->destroy(coder);
|
||||
packer->destroy(packer);
|
||||
destroy(this);
|
||||
|
|
@ -213,6 +220,7 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
|
|||
{
|
||||
if (!packer->read_bits(packer, &value, set->n_bits))
|
||||
{
|
||||
DBG1(DBG_LIB, "truncated BLISS signature encoding of c_indices");
|
||||
packer->destroy(packer);
|
||||
destroy(this);
|
||||
return NULL;
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue